I really believe that decisions about security are about

  1. accepting that there are no risk-free options,
  2. maximizing value and practicality given the level of risk you're willing to accept, and especially
  3. eliminating needless risk.

When it comes to passwords, there's a lot of needless risk-taking out there.

Troy Hunt:

Sony’s breach is Sony’s fault, no doubt, but a whole bunch of people have made the situation far worse than it needs to be through [password] reuse.

Troy found that 92 percent of passwords were identical between two separate Sony systems. Perhaps even worse, two thirds of people that had accounts at both Sony and Gawker used the same password.

Given that 90 percent of companies (90!) have had some sort of security breach in the last 12 months, I'd say there is little "risk" left when it comes to wondering whether your passwords will be exposed. It's nearly certain they will be at some point.

But you can at least “sandbox” the damage by using a different password for each account.

I would have more sympathy for you if maintaining lots of unmemorable, unique passwords were hard. But it’s not. 1Password makes it really easy.

Until companies figure out how to better operate in the password-dependent world we've created, it's up to you to protect yourself.